Under Armour: Even a Maker of Cheap Apparel Can Be a Hacker’s Target

By Douglas A. McIntyre Updated Jan 12, 1:55AM EST · Published Mar 30, 6:30AM EDT

Follow 24/7 Wall St. on Google

This post may contain links from our sponsors and affiliates, and Flywheel Publishing may receive compensation for actions taken through them.

Under Armour: Even a Maker of Cheap Apparel Can Be a Hacker’s Target — © Wikimedia Commons (Marco Verch)

When Equifax data was hacked, it was understandable the public panicked. The cyberattack involved 145.5 million people. Since Equifax holds credit data on customers, the danger to these people was substantial. Under Armour Inc. (NYSE: UAA), which makes relatively inexpensive clothing, was hacked yesterday. About 150 million MyFitnessPal accounts were affected. And, it appears that no data that might be useful in stealing essential customer data was taken. Compared to other large cyberattacks, it is not very consequential.

However, it does show, once again, that hacking huge systems is not hard for skilled cybercriminals.

Under Armour announced:

… that it is notifying users of MyFitnessPal – the company’s food and nutrition application and website – about a data security issue. On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018. The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.

Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities. The investigation indicates that the affected information included usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.

[nativounit]

The affected data did not include government-issued identifiers (such as Social Security numbers and driver’s license numbers), which the company does not collect from users. Payment card data was also not affected because it is collected and processed separately. The company’s investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue.

Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.

While the email addresses are potentially useful to a hacker, the “government-issued identifiers” and “payment card data” would be a gold mine.

The break-in generated a great deal of press coverage because of its size. The seriousness of the event is another issue.

[wallst_email_signup]

About the Author Douglas A. McIntyre →

Douglas A. McIntyre is the co-founder, chief executive officer and editor in chief of 24/7 Wall St. and 24/7 Tempo. He has held these jobs since 2006.

McIntyre has written thousands of articles for 24/7 Wall St. He is an expert on corporate finance, the automotive industry, media companies and international finance. He has edited articles on national demographics, sports, personal income and travel.

His work has been quoted or mentioned in The New York Times, The Wall Street Journal, Los Angeles Times, The Washington Post, NBC News, Time, The New Yorker, HuffPost USA Today, Business Insider, Yahoo, AOL, MarketWatch, The Atlantic, Bloomberg, New York Post, Chicago Tribune, Forbes, The Guardian and many other major publications. McIntyre has been a guest on CNBC, the BBC and television and radio stations across the country.

A magna cum laude graduate of Harvard College, McIntyre also was president of The Harvard Advocate. Founded in 1866, the Advocate is the oldest college publication in the United States.

TheStreet.com, Comps.com and Edgar Online are some of the public companies for which McIntyre served on the board of directors. He was a Vicinity Corporation board member when the company was sold to Microsoft in 2002. He served on the audit committees of some of these companies.

McIntyre has been the CEO of FutureSource, a provider of trading terminals and news to commodities and futures traders. He was president of Switchboard, the online phone directory company. He served as chairman and CEO of On2 Technologies, the video compression company that provided video compression software for Adobe’s Flash. Google bought On2 in 2009.